Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I would like to update the Tor in stable from 0.2.2.35 to 0.2.2.37.
This is an update on Tor's stable tree (instead of its development tree)
and the changes are thus rather conservative.
It fixes a couple of minor security issues, like no longer leaking
uninitialized memory, properly rejecting inputs where the number exceeds
valid values for its storage types, or not adding more bytes to input
buffers while renegotiating.
Furthermore, a few issues are resolved that might affect a user's
anonymity. These include things such as only building circuits when a
client knows a sufficient number of "exit" nodes, never using a bridge
as an exit, or reusing circuits in an unsafe manner.
Additionaly it updates the list of directory authorities, makes building
with newer and older openssl libraries safer (probably not important for
us) and makes building on a few other platforms more robust.
Tor versions 0.2.2.36 and .37 have been in unstable and testing for a
few weeks now and I am reasonably confident that 0.2.2.37 is fit for
being included in the next point release of squeeze.
May I prepare and upload a 0.2.2.37-1~squeeze1 tor package?
Cheers,
weasel
https://gitweb.torproject.org/debian/tor.git/blob/refs/heads/debian-0.2.2:/ChangeLoghttps://gitweb.torproject.org/debian/tor.git/blob/refs/heads/debian-0.2.2:/debian/changelog